Solution : https://service.sap.com/sap/support/notes/1298433 (SAP Service marketplace login required)
Summary :
The SAP gateway vulnerability arises due to a kernel bug, leading to possible bypass of reginfo and secinfo settings, allowing unauthorized program communications. Affecting all kernel releases, a temporary gateway modification inconveniently restricted valid program registrations via SAProuter. To permanently resolve this, apply the latest kernel patch, set the gw/reg_no_coon_info parameter, and utilize secure connections through SNC-secured SAProuters or VPN tunnels. Firewall protection and monitoring via transaction SMGW are recommended as additional safeguards. Ensure correct parameter management, as advised in Note 1444282.
Key words :
downloading kernel releases 31i-45b, kernel releases 31i-45b, access control list, secure network communication, wide area network, virtual private network, parametergw/reg_no_conn_infoto activate, mainstream/extended maintenance, function module th_change_parameter, gw/sec_info reason
Related Notes :
| 1529849 | Gateway security setting in an SCS instance, AS Java |
| 1465129 | CANCEL registered programs |
| 1444282 | gw/reg_no_conn_info settings |
| 1434117 | Bypassing sec_info without reg_info |
| 1394093 | Collective Security Note |
| 1391655 | Authorized access to SAPFTP |
| 1391464 | Authorized access to SAPHTTP |
| 1305851 | Overview note: reg_info and sec_info |
| 1294105 | Core in gateway |
| 1280641 | reginfo, secinfo: Changing #VERSION=2 does not work |
| 1105897 | GW: reginfo and secinfo with permit and deny ACL |
| 1069911 | GW: Changes to the ACL list of the gateway (reginfo) |
| 888889 | Automatic checks for security notes using RSECNOTE |